HackDig : Dig high-quality web security articles for hacker

A supposed “white hat” hacker gained access to the network of the Dallas Office of Emergency Management and managed to set off 156 sirens used to alert of an emergency.
Alarms blared for 90 minutes before the city was able to manually shut down the entire system.
How does this continue to happen? Because the current method of stopping malware just isn’t work

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick

So as you do, I was just looking around, manually fuzzing some Web Sockets requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that was worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to:
{"_reqid":1234, "cid":5678, "t

Cybercrime continues to grow in 2015, and on account of headlines during the past few weeks, it looks like everybody is getting hacked, from Slack and Lufthansa all the way to the White House.
In order to make some sense of this, let’s take a step back and walk through 6 trends that are driving vulnerabilities and their exploitation to understand the bigger p

RSA Conference USA 2015 is just a few weeks away (April 20-24) in San Francisco. Given the numerous noteworthy cybersecurity events that have occurred over the last 12 months, I expect this conference to be well attended, yet again!
Once more, Microsoft is a Diamond sponsor, and Scott Charney, Corporate Vice President, Trustworthy Computing, will deliver a k

Young people around the globe are taking and sharing nude photos and videos of themselves, and the phenomenon appears to be occurring among younger and younger age groups, according to results from a new study sponsored by Microsoft.
Data released today by the UK-based Internet Watch Foundation (IWF) show 17.5 percent of the more than 3,800 sexually explicit

By Brad Antoniewicz.
I've been an adjunct professor at NYU Poly for almost two years now. It's been a great experience for a number of reasons, one of which is because I'm teaching a hot topic: Vulnerability Analysis and Exploitation. The course is the next iteration of the pentest.cryptocity.net content that evolved into the CTF Field Guide by Dan Guido, Tr

Hello,
I am going to demonstrate a little trick to allow you to bypass anti-virus and execute shellcode, this is a publicly known trick that I did not discover. The shellcode I am going to use for this example is the common Metasploit Windows Bind TCP shell, however any shellcode can be used, I have simply chosen this one for simplicity.
As I’m sure

By Cesar Cerrudo @cesarcer
Every day we hear about a new vulnerability or a new attack technique, but most of the time it’s difficult to imagine the real impact. The current emphasis on cyberwar (cyber-warfare if you prefer) leads to myths and nonsense being discussed. I wanted to show real life examples of large scale attacks with big impacts on criti

By Cesar Cerrudo @cesarcer
Disclaimer: I did not perform any illegal attacks on the mentioned websites in order to get the information I present here. No vulnerability was exploited on the websites, and they are not known to be vulnerable.
Given that we live in an age of information leakage where government surveillance and espionage abound, I decided in this